Europol nabs cyber crooks behind 21,000-strong hacked server store

The European Cybercrime Centre (EC3) reported arresting two unnamed Ukrainians in Madrid as a part of a joint operation with the Spanish National Police, codenamed Operation Ransom II.

"On 9 July, Spanish National Police arrested the two criminals and searched their house. One of them was caught red-handed, running virtual machines and chatting with other cyber criminals," read the report.

Europol said authorities seized a variety of items during the raid, including €50,000 in cash, as the group raked in huge profits from their scams.

The hackers had reportedly managed to compromise 21,000 company servers and had successfully sold access to them to more than 450 criminal groups. "The 21,000 compromised servers of companies located in 80 countries (1,500 of them in Spain) had a common feature whereby access settings were via a remote desktop (RDP)," read the report.

"With this set-up, the cyber criminal could access all information contained on the servers, using full administrator privileges for the system, i.e. absolute control. The criminals ran an online shop where the compromised machines were 'sold' to 450 of their cyber criminal 'customers' who were able to choose the location (country) of their preferred servers."

At the time of publishing Europol had not responded to V3's request for comment on how many servers were located in the UK.

Europol said the takedown was only possible thanks to cross-department and agency cooperation and data sharing. "This Spanish National Police investigation was supported from the early stages by Europol specialists, who organised and hosted a coordination meeting in April 2013," read the report.

"Europol then facilitated the exchange of criminal intelligence with other EU member states, delivered analytical reports and supported the operation on the spot with a mobile office and technical advice. Europol will receive data on the compromised computers so it can be analysed and distributed to law enforcement authorities, who in turn can notify those server owners affected by the criminals' activity."

Increasing cross-national collaboration regarding cyber threats has been an ongoing goal of the European Commission. The EC3 centre is a central part of this strategy. The centre launched earlier this year with a staff of 40 and an annual €7m budget, drawn from Europol's existing €84m funding.

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.